Ewido Bloccato e Avast Disattivato.. aiuto!
Inviato: lun gen 01, 2007 10:53 pm
ho cercato nel forum e non mi sembra di aver trovato un altro topic con il problema che si è presentato a me. Improvvisamente al riavvio del computer, ho notato che avast è disattivato. Non solo.. se provo ad aprirlo dal menu start, l'icona mi risulta come se il programma non fosse installato. Prova ad installarlo, ma nulla. Se apro Ewido, si blocca. Se provo ad effettuare una scansione online, si chiude la pagina web. Inoltre ho provato ad avviare in modalità provvisoria, ma non me lo permette.
In effetti in giornata scaricando con emule, avast mi aveva segnalato un trojan, ma sembrava essersi cancellato, poi al riavvio successivo è accaduto quanto ho spiegato. La situazione sembra davvero critica.. qualcuno mi aiutiii.. intanto ho effettuato una scansione con hijackthis, e ed ecco il file log
Logfile of HijackThis v1.99.1
Scan saved at 21.46.40, on 01/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\SYSTEM32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Programmi\Java\jre1.5.0_09\bin\jusched.exe
E:\PROGRA~1\FILECO~1\TerraTec\SCHEDU~1\TTTimer.exe
E:\Programmi\QuickTime\qttask.exe
E:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
E:\Programmi\MSN Messenger\MsnMsgr.Exe
E:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
E:\Programmi\Messenger\msmsgs.exe
E:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
E:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
E:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Programmi\CyberLink\Shared files\RichVideo.exe
E:\WINDOWS\system32\devldr32.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Programmi\Internet Explorer\IEXPLORE.EXE
E:\Programmi\WinRAR\WinRAR.exe
E:\DOCUME~1\aa\IMPOST~1\Temp\Rar$EX00.344\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - E:\Programmi\Power Translator\Applications\LEC IE Translation Extension.dll
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Programmi\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TerraTec Scheduler] E:\PROGRA~1\FILECO~1\TerraTec\SCHEDU~1\TTTimer.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "E:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AWMON] "E:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [MSMSGS] "E:\Programmi\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://monykinaspace.spaces.live.com//P ... nPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - E:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - E:\Programmi\ewido anti-spyware 4.0\guard.exe (file missing)
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - E:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: NBService - Nero AG - E:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Programmi\CyberLink\Shared files\RichVideo.exe
In effetti in giornata scaricando con emule, avast mi aveva segnalato un trojan, ma sembrava essersi cancellato, poi al riavvio successivo è accaduto quanto ho spiegato. La situazione sembra davvero critica.. qualcuno mi aiutiii.. intanto ho effettuato una scansione con hijackthis, e ed ecco il file log
Logfile of HijackThis v1.99.1
Scan saved at 21.46.40, on 01/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\SYSTEM32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Programmi\Java\jre1.5.0_09\bin\jusched.exe
E:\PROGRA~1\FILECO~1\TerraTec\SCHEDU~1\TTTimer.exe
E:\Programmi\QuickTime\qttask.exe
E:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
E:\Programmi\MSN Messenger\MsnMsgr.Exe
E:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
E:\Programmi\Messenger\msmsgs.exe
E:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
E:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
E:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Programmi\CyberLink\Shared files\RichVideo.exe
E:\WINDOWS\system32\devldr32.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Programmi\Internet Explorer\IEXPLORE.EXE
E:\Programmi\WinRAR\WinRAR.exe
E:\DOCUME~1\aa\IMPOST~1\Temp\Rar$EX00.344\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - E:\Programmi\Power Translator\Applications\LEC IE Translation Extension.dll
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Programmi\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TerraTec Scheduler] E:\PROGRA~1\FILECO~1\TerraTec\SCHEDU~1\TTTimer.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "E:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AWMON] "E:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [MSMSGS] "E:\Programmi\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://monykinaspace.spaces.live.com//P ... nPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - E:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - E:\Programmi\ewido anti-spyware 4.0\guard.exe (file missing)
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - E:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: NBService - Nero AG - E:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Programmi\CyberLink\Shared files\RichVideo.exe